json-rules-engine

list of breaking changes v7

Open mesqueeb opened this issue 10 months ago • 11 comments

I see that latest version is 7 on npm but the CHANGELOG file here only goes until 6. How can we upgrade to v7?

mesqueeb avatar Jan 23 '25 21:01 mesqueeb

Yes, for example what is valueResult and what is it for?

Used https://docs.github.com/en/pull-requests/committing-changes-to-your-project/viewing-and-comparing-commits/comparing-commits#comparing-commits to check DIFF

coler-j avatar Jan 31 '25 23:01 coler-j

@chris-pardy would be great if you could also update the Github Releases, just for posterity's sake : )

mesqueeb avatar Feb 01 '25 01:02 mesqueeb

would suggest using semantic-release, so you don't manually need to manage changelog, versioning and publish.

marc-at-brightnight avatar Feb 12 '25 11:02 marc-at-brightnight

Also it seems tags are out of sync as well.

ashishtilara avatar Feb 12 '25 22:02 ashishtilara

I'm very hesitant to upgrade to anything v7 without knowing what breaking changes were introduced over v6

Matthew-Smith avatar Apr 01 '25 15:04 Matthew-Smith

Agreed, the release information is all behind. Neither the CHANGELOG.md nor the Releases section of GitHub is updated. Nor are they even in sync with each other. GitHub says the latest release is 6.5.0. The CHANGELOG.md says the latest release is 6.1.0. Neither is correct.

robross0606 avatar Apr 17 '25 15:04 robross0606

👋🏼 any update? Upgrade to v7 blocked by the lack of release notes or changelog

freitasskeeled avatar Jun 23 '25 12:06 freitasskeeled

I'm really surprised this is being completely ignored by repo maintainers. How can anyone be expected to upgrade a major version when there's zero documentation on what was broken or how to migrate?

robross0606 avatar Aug 08 '25 13:08 robross0606

I researched this a bit. It seems 7.0 was released as a major version bump because a new release was needed to address security vulns in jsonrules-plus and that module needed a major version bump to pull in the fix. So it seems this module had a major version bump to discuss that:

https://github.com/CacheControl/json-rules-engine/pull/379#issuecomment-2414019651

But it gets messy because jsonrules-plus also seems to be ESM-only, which appears to affect this module.

https://github.com/CacheControl/json-rules-engine/issues/417

And more messiness: There's a milestone for a v7 release of this module... but most of the tasks for v7 are marked as haven been completed (!!).

https://github.com/CacheControl/json-rules-engine/milestone/1

All of this means it would be /very/ helpful if there was a proper changelog or release notes for 7.0 to understand the security content and breaking changes in the release.

markstos avatar Sep 17 '25 16:09 markstos

@markstos this is the correct reason for the major version bump

A few things - Both @CacheControl and myself have a number of other professional and personal commitments which stop us from being able to devote full-time effort into this library. That being said I can make it a priority to fix the release notes and add the releases - previously those have been done in a semi-automated fashion but it seems like something broke in the workflow.

Regarding the milestone. That was a design for a major change to the library that would introduce breaking changes but we ended up needing to shelve those plans for v7 and use that breaking change for this breaking change to JSON Path Plus. I can rename the milestone to make that more clear.

I hope to have some more time to put into this library in the near future which should hopefully help with issues like this in the future.

chris-pardy avatar Sep 17 '25 17:09 chris-pardy

Thank you @chris-pardy ! I help maintain some OSS packages myself and I appreciate the work you have put into this-- I agree that with the right automation in place it should be easier to keep up with Changelog notes in the future.

markstos avatar Sep 17 '25 17:09 markstos